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DETAILED ACTION 

Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including tiie fee set 
forth in 37 CFR 1 .17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 

has been withdrawn pursuant to 37 CFR 1.114. 
Applicant's submission filed on 7-9-2008 has been entered. 

2. Claims 1 - 30 are pending. Claims 1, 19 have been amended. Claims 1, 19 are 
independent. This application was filed on 1 2-1 1 -2003. 

Response to Arguments 

3. Applicant's arguments filed 7-9-2008 have been fully considered but they are not 
persuasive. 

3.1 Applicant argues that the referenced prior art does not disclose, "code ID being 

publicly available to any entity", (see Remarks Pages 12, 13) 

There is no disclosure for the term "publicly available" in the specification or 
original claims and no disclosure for the claim limitation "a publicly available code ID". 
See the 112 rejection. 
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3.2 Applicant argues that the referenced prior art does not disclose, multiple versions 
of the security information", (see Remarks Page 12) 

The Yan prior art discloses that the first entity has the capability to store multiple 
versions of the identification information (code ID, integrity metric) for multiple versions 
of the information for the first entity, (see Yan paragraph [0054], lines 1-14: particular 
metric may change with time requiring a new value to be stored; provides a way to store 
sequences of integrity metrics; values of integrity metrics are appended to a sequence) 

3.3 Applicant argues that the referenced prior art does not disclose, dependent 
claims, (see Remarks Page 1 3) 

Arguments for dependent claims are based upon above arguments for 

independent claims 1, 19. The successful responses to arguments for independent 
claims 1,19, also successfully respond to the current arguments against the 
corresponding dependent claims. 

3.4 Previous responses are re-iterated: 

There does not appear to be any claim limitations that discredits or discourage 

usage of the current referenced prior art. The Yan prior art discloses the capability for 
the second entity to "know" the first entity when the attestation message is received. 
The Yan prior art checks a list of trusted application as a security or trust check for the 
attestation message. The Yan prior art discloses that the first entity has the capability to 
store multiple versions of the identification information (code ID, integrity metric) for 
multiple versions of the information for the first entity. 
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The Yan prior art discloses the additional feature of conditional trust. The Yan 
prior art discloses the capability to monitor the state of trust between two entities. If the 
trusted condition changes, appropriate action is taken. Additional features disclosed 
within a referenced prior art do not remove the fact that the prior art discloses the claim 
limitation. The Yan prior art discloses the initiation and usage of attestation between 
two entities in a trusted state. There is no disclosure that the trust solution of the 
claimed invention does not require a generation of a distrust signal as stated in remarks. 
The claimed invention makes no mention of a distrust signal. Applicants' remarks state 
that, "claim 1 is directed towards obtaining a trust-based relationship which does not 
require a generation of distrust signals for maintaining trust". This is no mention in 
claim 1 of "distrust signals" or "maintaining trust" without distmst signals in the claimed 
invention. 

The Yan prior art discloses integrity metric such as a public key, which is used as 
an identity for the trusted platfomri. (see Yan paragraph [0055], lines 6-14: tmsted 
platform identity (code ID)) The public key is a value by which the trusted platform is 

known and is representative of the trusted platform. Other entities have knowledge of 
the public key. (see specification paragraph [0005] for code ID) 

The Yan prior art discloses a symmetric key, (see Yan paragraph [0062], lines 1-4; 
paragraph [0064], lines 1-4: symmetric key (session key or single key used for 
cryptographic procedures)), and a public/private key pair (see Yan paragraph [0055], 
lines 6-14; paragraph [0059], lines 1-12: public/private key pair and certificates) and 
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The Yen prior art discloses that attestation information can be updated, (see Yan 
paragraph [0054], lines 1-14: update attestation information (integrity metrics)) 

The Yan prior art discloses attestation initiation. The can-attest and attestation- 
wanted messages are an attestation initiation sequence protocol. The Yan prior art 
discloses the initiation of a trust relation between two entities or the initiation of 
attestation. (Yan paragraph [0058], lines 1-7; paragraph [0060], lines 1-6; paragraph 
[0060], lines 6-9: initiation of attestation and trust relationship) 

The Qui prior art does not discredit or discourage the usage of expiration time 

limits therefore, the Qui prior art does not teach away from the use of expiration time 
limits. The Qui prior art mentions the difficulties of operating with expiration time limits. 
The Qui prior art states: 

(1) : "Therefore, restricting certificate lifetime could be used to control the 
extent of older technology in circulation and to reduce the risk associated with 
older products being more susceptible to attack" (see Qui paragraph [0021]); 
and 

(2) : "However, the shorter lifetime is defined, the more often certificate 
renewal or re-enrollment would need to be performed, which would increase 
the operational cost of a certificate authority." (see Qui paragraph [0021]) 

Statement 1 is an advantage and Statement 2 is a disadvantage. There is no 

disclosure of teaching away but the mention of alternatives. The mentioning of 

altematives is not teaching away. 
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Claim Rejections - 35 USC §112 

4. The following is a quotation of the first paragraph of 35 U.S.C. 1 12: 

The specification shall contain a written description of tlie invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

5. Clainns 1, 19 are rejected under 35 U.S.C. 112, first paragraph, as failing to 
comply with the written description requirement. The c!alm(s) contains subject matter 
which was not described in the specification in such a way as to reasonably convey to 
one skilled in the relevant art that the inventor(s), at the time the application was filed, 
had possession of the claimed invention. 

For claims 1,19 there is no disclosure for the term, "publicly available" in the claim 
limitation: "publicly available to any entity including the second entity". The 
specification on page 10 in paragraph [0031] discloses that the code ID should be well 
known (no exact definition of what this means) especially by the second entity. Based 
on this disclosure, the specification only states that the code ID is well known to the 
second entity and not publicly available (known to "all entities"). The Yan prior art 
discloses a list of trusted application(s) that the second entity can check the code ID 
(integrity metric) of the first entity against. 

Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 
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A person shall be entitled to a patent unless - 

(e) the invention was described in (1 ) an application for patent, published under section 1 22(b), by another 
filed in the United States before the invention by the applicant for patent or (2) a patent granted on an 
application for patent by another filed in the United States before the invention by the applicant for patent, 
except that an international application filed under the treaty defined in section 351(a) shall have the effects 
for purposes of this subsection of an application filed in the United States only if the international 
application designated the United States and was published under Article 21(2) of such treaty in the 
English language. 

7. Claim 1 - 14, 17 - 27, 29, 30 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Yan et al. (US PGPUB No. 20050033987). 



Regarding Claims 1, Yan discloses a method of establishing trust between 

independent first and second computer-type entities, the first entity operating in a 
trusted manner on a computing device and seeking a trust-based relationship with the 
second entity, whereby the first entity constructs an attestation message to be delivered 
to the second entity, the attestation message including a code identifier (code ID) 
representative of the first entity and data relevant to the purpose of the trust-based 
relationship, the second entity having knowledge of each valid code ID corresponding to 
the first entity, the first entity appends a digital signature to the attestation message and 
a certificate chain leading back to a trusted root authority, the signature being based on 
the code ID and data thereof and being verifiable based on a security key included in 
the certificate chain, the certificate chain including at least one certificate therein 
proffering trustworthiness of the computing device of the first entity, and the first entity 
sends the attestation message to the second entity and the second entity receives 
same, the method comprising: 

a) the second entity verifying the signature of the received attestation message 
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based on the included security key, whereby alteration of the code ID or data of 
the attestation message should cause the signature to fail to verify, the second 
entity based on such a failure dishonoring such attestation message; (see Yan 
paragraph [0058], lines 1-10; paragraph [0061], lines 12-16: attestation 
techniques utilized; paragraph [0060], lines 1-6: verify attestation message; 
paragraph [0060], lines 6-9; paragraph [0019], lines 10-13: modification of 
configuration data (attestation message information, certificate information 
revoked), attestation information dishonored) 

b) the second entity deciding whether to in fact enter into the trust-based 
relationship with the first entity based on the code ID and the data in the 
attestation message; (see Yan paragraph [0060], lines 6-1 1 : determination 
whether accept trust relationship) 

c) the second entity upon deciding to in fact enter into the trust-based relationship 
with the first entity constructing a trust message to be delivered to the first entity, 
the trust message establishing the trust-based relationship and including therein 
a secret to be shared between the first and second entities, where such shared 
secret allows such first and second entities to communicate in a secure manner; 
(see Yan paragraph [0062], lines 1-4; paragraph [0064], lines 1-4: secret 
(session key) exchanged for future messaging, communications) and 

d) the second entity sending the trust message to the first entity and the first entity 
receiving same, whereby the first entity obtains the shared secret in the trust 
message and employs the shared secret to exchange information with the 
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second entity according to tine established trust-based relationsliip witli sucli 
second entity, (see Yan paragraph [0062], lines 1-4; paragraph [0064], lines 1-4: 
session exchanged between entities, utilized for future messaging between 
entities) 

In addition, Yan discloses: 

the code ID being publicly available to any entily inciuding the second entity and 
comprising a one- way hashing functjon a pplied to a concatenation of operating code 
representative of the first e ntit y and s ecurit y information relating to the first entity but 
separate from the operating code representative of the first entity, the security 
information including at least one security parameter employed by the first entity. 
{see Yan paragraph [0060], lines 5-9: checks two things: signatures on certificates 
are valid and not revoi<ed; application has is on the server 's list of applications it 
trusts; there is no disclosure for publicly available) 

the first entity potentially having multiple versions thereof or employing multiple 
versions of the security information and thereby potentially having multiple publicly 

available valid code IDs corresponding thereto , (see Yan paragraph [0054], lines 1- 
14: particular metric may change with time requiring a new value to be stored; 
provides a way to store sequences of integrity metrics; values of integrity metrics are 
appended to a sequence) 

the deciding including determining that the code ID in the attestation message 
matches a publicly available code ID for the first entity and known to the second 
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entity: (see Van paragraph [0060], lines 5-9: checks two things: signatures on 
certificates are valid and not revoked; application has is on the server's list of 
applications it trusts; there is no disclosure for publicly available) 

Regarding Claims 2, Yan discloses the method of claim 1 wherein the first entity 
encrypts at least one of the code ID and the data of the attestation message according 
to a key available to the second entity, the method further comprising the second entity 
decrypting such encrypted matter, (see Yan paragraph [0059], lines 6-12: certificate 
(public/private) key available to second entity, utilized to encrypt (signature) attestation 
information) 

Regarding Claims 3, Yan discloses the method of claim 1 wherein the second entity 

consumes the attestation message by application of same to a verifying function that 
automatically verifies the attestation message based on a format thereof and that 
extracts relevant information from such verified attestation message for use by the 
second entity, (see Yan paragraph [0060], lines 6-9: verify attestation message with 
extracted information based on formatted information (certificate information, encrypted 
hash)) 

Regarding Claims 4, Yan discloses the method of claim 1 wherein the second entity 
decides based on the code ID of the first entity in the attestation message therefrom 
whether the second entity can be trusted, and also decide based on the certificate chain 
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of the message whether the computing device can be trusted, (see Yan paragraph 
[0060], lines 9-12: entity can be trusted; paragraph [0060], lines 1-6: certificate chain 
utilized to establish trust) 

Regarding Claims 5, Yan discloses the method of claim 4 wherein the second entity 
identifies the first entity based on the code ID thereof and decides based on the identity 
of the first entity whether such first entity can be trusted, (see Yan paragraph [0060], 
lines 6-9: integrity metric (code ID) of first entity utilized in trust determination) 

Regarding Claims 6, Yan discloses the method of claim 5 wherein the second entity 
determines that the identified first entity is not on a do-not-trust list, (see Yan paragraph 
[0060], lines 6-9: check identity on certificate revoked list (do-not-trust list)) 

Regarding Claims 7, Yan discloses the method of claim 4 wherein the second entity 
determines that the code ID is a known code ID and that the first entity can be trusted 
based on such code ID. (see Yan paragraph [0060], lines 6-9: check first entity on 
application trust list based on integrity metric (code ID) of first entity) 

Regarding Claims 8, Yan discloses the method of claim 4 wherein the second entity 
determines from the certificate chain whether the computing device of the first entity 
should be trusted to instantiate and execute the first entity in a trusted manner and 
should be trusted to calculate the code ID properly, (see Yan paragraph [0060], lines 1- 
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9: certificate information utilized to determine trust status) 

Regarding Claims 9, Yan discloses the method of claim 8 wherein the second entity 
determines that each certificate in the certificate chain is not on a do-not-trust list, (see 
Yan paragraph [0060], lines 6-9: check certificate in certificate chain, not on revoked list 
(do-not-trust list)) 

Regarding Claims 10, Yan discloses the method of claim 1 wherein the second entity 
constructs a trust message including therein a shared secret comprising a symmetric 
key (K) that the first and second entities shall each employ to encrypt and decrypt 
messages therebetween, (see Yan paragraph [0062], lines 1-4; paragraph [0064], lines 
1-4: session key exchanged between entities for future messaging) 

Regarding Claims 11, Yan discloses the method of claim 10 wherein the second entity 
constructs a trust message including therein the symmetric key (K) encrypted according 
to a public key of the first entity (PU-1) to result in (PU-1(K)), the second entity obtaining 
(PU-1) from the certificate chain of the attestation message, and wherein the first entity 
obtains the symmetric key (K) from the received trust message by applying a private 
key (PR-1) corresponding to (PU-1) to (PU-1(K)) to result in (K). (see Yan paragraph 
[0059], lines 6-12: public/private certificate key, encrypt (signature) attestation 
information) 
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Regarding Claims 12, Yan discloses the method of claim 1 wherein the second entity 
constructs a trust message further including therein an identification of a cryptographic 
algorithm to be employed in connection with the shared secret, (see Yan paragraph 
[0062], lines 1-4; paragraph [0064], lines 1-4: session key for secure communications 
(interaction); paragraph [0065], lines 9-15: updated attestation information 
(cryptographic algorithm), protocol for exchange negotiated) 

Regarding Claims 13, Yan discloses the method of claim 1 wherein the second entity 
constructs a trust message further including therein the code ID of the first entity as 
obtained from the attestation message, (see Yan paragraph [0059], lines 6-12: generate 
(integrity metric (code ID), attestation information) 

Regarding Claims 14, Yan discloses the method of claim 1 wherein the second entity 
constructs a trust message further including relevant trust data encrypted according to a 
key available to the first entity, and wherein the first entity decrypts the encrypted trust 
data by applying the key thereto, (see Yan paragraph [0059], lines 6-12: public/private 
key certificate (available to first entity) used to encrypt (signature) attestation 
information) 

Regarding Claims 17, Yan discloses the method of claim 1 whereby the trust message 
is a first trust message and the shared secret is a first shared secret, the method further 
comprising: the second entity constructing a second trust message to be delivered to 
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the first entity, the second trust message including therein a second secret to be shared 
between the first and second entities, where such second shared secret allows such 
first and second entities to communicate in a secure manner; the second entity sending 
the second trust message to the first entity and the first entity receiving same, whereby 
the first entity obtains the second shared secret in the trust message and employs the 
second shared secret to exchange information with the second entity, the first shared 
secret no longer being valid, (see Yan paragraph [0062], lines 1-4; paragraph [0064], 
lines 1-4: session key exchanged between entities for future communications) 

Regarding Claims 18, Yan discloses the method of claim 1 wherein prior to the first 
entity constructing the attestation message, the first entity sends a can-attest message 
to the second entity, the can-attest message stating that the first entity can send an 
attestation message but that the first entity would like to know from the second entity 
whether such an attestation message is required by such second entity and if so any 
requirements that such second entity has with regard to such attestation message, the 
method further comprising the second entity sending an attestation-wanted message to 
the first entity in response to the can-attest message, the attestation-wanted message 
stating that the second entity does in fact require an attestation message from the first 
entity and that the attestation message as sent by the first entity must adhere to certain 
requirements as defined in such attestation-wanted message, whereby the first entity 
thereafter sends the attestation message in accordance with the requirements stated in 
the attestation-wanted message, (see Yan paragraph [0065], lines 9-15: update 
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attestation (wanted-message) Information, negotiate protocol for exchange of attestation 
Information) 

Regarding Claims 19, Yan discloses a method of establishing trust between 
independent first and second computer-type entitles, the first entity operating in a 
trusted manner on a computing device and seeking a trust-based relationship with the 
second entity, the method comprising: 

a) the first entity constructing an attestation message to be delivered to the second 
entity, the attestation message including a code identifier (code ID) representative of 
the first entity and data relevant to the purpose of the trust-based relationship, the 
second entity having knowledge of each valid code ID corresponding to the first 
entity (see Yan paragraph [0060], lines 6-9: check entity Integrity metric (code ID), 
identify on application trust list); 

b) the first entity appending a digital signature to the attestation message and a 
certificate chain leading back to a trusted root authority, the signature being 
based on the code ID and data thereof and being verifiable based on a security 
key Included In the certificate chain, the certificate chain Including at least one 
certificate therein proffering trustworthiness of the computing device of the first 
entity; (see Yan paragraph [0060], lines 1-6: certificate chain utilized for 
attestation Information, (exchange, verification)) 

c) the first entity sending the attestation message to the second entity and the 
second entity receiving same, whereby the second entity verifies the signature of 
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the received attestation message based on tlie included security key (see Yen 
paragrapli [0060], lines 6-9: verify signature, attestation information), whereby 
alteration of the code ID or data of the attestation message should cause the 
signature to fail to verify, the second entity based on such a failure dishonoring 
such attestation message, the second entity decides whether to in fact enter into 
the trust-based relationship with the first entity based on the code ID and the data 
in the attestation message, the second entity upon deciding to in fact enter into 
the trust-based relationship with the first entity constructs a trust message to be 
delivered to the first entity, the trust message establishing the trust-based 
relationship and including therein a secret to be shared between the first and 
second entities, where such shared secret allows such first and second entities 
to communicate in a secure manner, and the second entity sends the trust 
message to the first entity and the first entity receiving same; (see Yan paragraph 
[0062], lines 1-4; paragraph [0064], lines 1-4: session key exchanged between 
entities for future messaging, communications) and 
d) the first entity obtaining the shared secret in the trust message and employing the 
shared secret to exchange information with the second entity according to the 
established trust-based relationship with such second entity, (see Yan 
paragraph [0062], lines 1-4; paragraph [0064], lines 1-4: session key exchanged 
between entities for future messaging, communications) 

In addition, Yan discloses: 

the code ID being pubilciv available to any entity including the second entity and 
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comprising a one-way hashing function appiied to a concatenation of operating code 
representative of the first entity and security information relating to the first entity but 
separate from the operating code representative of the first entity, the security 
information including at least one security parameter employed bv the first entity, 
(see Yan paragraph [0060], lines 5-9: checks two things: signatures on certificates 
are valid and not revoked; application has is on the server s list of applications it 
trusts; there is no disclosure for publicly available) 

the first entity potentially having multiple versions thereof or employing multiple 
versions of the security information and thereby potentially having multiple publicly 
available valid code IDs corresponding thereto , (see Yan paragraph [0054], lines 1- 

14: particular metric may change with time requiring a new value to be stored; 
provides a way to store sequences of integrity metrics; values of integrity metrics are 
appended to a sequence) 

the deciding including determining that the code ID in the attestation message 
matches a publicly available code ID for the first entity and known to the second 
entity: (see Yan paragraph [0060], lines 5-9: checks two things: signatures on 
certificates are valid and not revoked; application has is on the server's list of 
applications it trusts; there is no disclosure for publicly available) 



Regarding Claims 20, Yan discloses the method of claim 19 wherein the first entity 
constructs an attestation message including a code identifier (code ID) calculated from 
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a digest of tlie first entity, wliereby alteration of tlie first entity causes tlie code ID to 
change, (see Yan paragraph [0065], lines 9-15: updated integrity metric (code ID) 
modified, new attestation protocol required) 

Regarding Claims 21, Yan discloses the method of claim 20 wherein the first entity 
constructs an attestation message including a code identifier (code ID) calculated from 
a digest of the first entity and from security information relating thereto, whereby 
alteration of the first entity or the security information causes the code ID to change, 
(see Yan paragraph [0065], lines 9-15: alteration of security information causes integrity 
metric (code ID) to be modified) 

Regarding Claims 22, Yan discloses the method of claim 19 wherein the first entity 

constructs an attestation message including trust information relevant to the trust-based 
relationship, (see Yan paragraph [0065], lines 9-15: generate attestation information 
with updated integrity information) 

Regarding Claims 23, Yan discloses the method of claim 19 further comprising a code 
ID calculator on the computing device of the first entity calculating the code ID, the code 
ID calculator operating in a trusted manner on the computing device, (see Yan 
paragraph [0020], lines 7-8: generate integrity metric (code ID) on trusted device) 

Regarding Claims 24, Yan discloses the method of claim 19 further comprising the first 
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entity encrypting at least one of the code ID and tlie data of the attestation message 
according to a key available to the second entity, and the second entity decrypting such 
encrypted matter, (see Yan paragraph [0060], lines 1-9: public/private key certificate 
(know to second entity) utilized to encrypt (signature) attestation information, second 
entity must decrypt for verification) 

Regarding Claims 25, Yan discloses the method of claim 19 wherein the first entity 
creates the attestation message by application of the code ID and data thereof to a 

quoting function that automatically produces the attestation message in an appropriate 
format that is accessible to the second entity, (see Yan paragraph [0065], lines 9-15: 
attestation information generated in an accessible format (negotiated) with second 
entity)) 

Regarding Claims 26, Yan discloses the method of claim 19 wherein the second entity 
constructs a trust message including therein a shared secret comprising a symmetric 
key (K) that the first and second entities shall each employ to encrypt and decrypt 
messages therebetween, the symmetric key (K) being encrypted according to a public 
key of the first entity (PU-1) to result in (PU-1(K)), the second entity obtaining (PU-1) 
from the certificate chain of the attestation message, the method comprising the first 
entity obtaining the symmetric key (K) from the received trust message by applying a 
private key (PR-1 ) corresponding to (PU-1 ) to (PU-1 (K)) to result in (K). (see Yan 
paragraph [0062], lines 1-4; paragraph [0064], lines 1-4: session key utilized for 



Application/Control Number: 10/734,028 Page 20 

Art Unit: 2436 

messaging between first and second entities; paragraph [0059], lines 4-9: public/private 
key for encryption/decryption (signature attachment)) 

Regarding Claims 27, Yan discloses the method of claim 19 wherein the second entity 
constructs a trust message further including relevant trust data encrypted according to a 
key available to the first entity, the method comprising the first entity decrypting the 
encrypted trust data by applying the key thereto, (see Yan paragraph [0059], lines 6-12: 
attestation information encrypted (signature) based on public/private keys (known to first 
entity)) 

Regarding Claims 29, Yan discloses the method of claim 19 whereby the trust 
message is a first trust message and the shared secret is a first shared secret, and 

whereby the second entity constructs a second trust message to be delivered to the first 
entity, the second trust message including therein a second secret to be shared 
between the first and second entities, where such second shared secret allows such 
first and second entities to communicate in a secure manner (see Yan paragraph 
[0062], lines 1-4; paragraph [0064] lines 1-4: session key exchanged between entities 
for future messaging), and the second entity sends the second trust message to the first 
entity and the first entity receives same, the method further comprising the first entity 
obtaining the second shared secret in the trust message and employing the second 
shared secret to exchange information with the second entity, whereby the first shared 
secret is no longer valid, (see Yan paragraph [0065], lines 9-15: update attestation 
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information, previous attestation information invalid) 

Regarding Claims 30, Yan discloses the method of claim 19 further comprising, prior to 
the first entity constructing the attestation message, the first entity sending a can-attest 
message to the second entity, the can-attest message stating that the first entity can 
send an attestation message but that the first entity would like to know from the second 
entity whether such an attestation message is required by such second entity and if so 
any requirements that such second entity has with regard to such attestation message, 
whereby the second entity sends an attestation-wanted message to the first entity in 
response to the can-attest message, the attestation-wanted message stating that the 
second entity does in fact require an attestation message from the first entity and that 
the attestation message as sent by the first entity must adhere to certain requirements 
as defined in such attestation-wanted message, the first entity thereafter sending the 
attestation message in accordance with the requirements stated in the attestation- 
wanted message, (see Yan paragraph [0065], lines 9-15: attestation information 
(wanted-message) formatted in a negotiated format) 

Claim Rejections - 35 USC § 103 

8. The following Is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth In this Office action: 

a) A patent may not be obtained though the invention is not identically disclosed or deschbed as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the phor art 
are such that the subject matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
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negatived by the manner in wliicli tine invention was made. 

9. Claim 15 is rejected under 35 U.S.C. 103(a) as being unpatentable over Yan in 
view of Qui (US PGPUB No. 20040148505). 

Regarding Claims 15, Yan discloses the method of claim 1 wherein the second entity 
constructs a trust message after which the shared secret and the established trust- 
based relationship are no longer valid, (see Yan paragraph [0060], lines 6-9: certificate 
revoked, trust relationship not valid if certificate revoked) Yan does not specifically 
disclose whereby an expiration time. However, Qui discloses wherein an expiration 
time, (see Qui paragraph [0040], lines 1-7; paragraph [0021], lines 8-11: expiration 
timer for certificate information) 

It would have been obvious to one of ordinary skill in the art to modify Yan to 
enable the capability for a trust message further including an expiration time as taught 
by Qui. One of ordinary skill in the art would have been motivated to employ the 
teachings of Qui in order to enable the capability for the generation, transmission, and 
updating of certificate information when the number of devices is large (see Qui 
paragraph [0007], lines 7-12: "... However, the generation, transmission and updating 
of certificates in association with hardware devices (i.e., the hardware devices are each 
associated with a certificate) may introduce problems in certificate management, 
transmission, control, use, etc., especially where the number of devices is large. ... ") 



10. 



Claims 16, 28 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
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Yan in view of Grawrock (US PGPUB No. 20040117625). 

Regarding Claims 16, Yan discloses the method of claim 1 wherein the second entity 
creates the trust message by application of the shared secret and other relevant 

information that automatically produces the trust message in an appropriate format that 
is accessible to the first entity, (see Yan paragraph [0059], lines 6-12: generate 
formatted attestation information) Yan does not specifically disclose whereby a 
sealing function. However, Grawrock discloses wherein a sealing function, (see 
Grawrocl< paragraph [0018], lines 12-16; paragraph [0025], lines 1-7; paragraph [0026], 
lines 1-6: seal/unseal trusted operation utilized) 

It would have been obvious to one of ordinary skill in the art to modify Yan to 
enable the capability to perform a seal operation within a trusted computing 
environment as taught by Grawrock. One of ordinary skill in the art would have been 
motivated to employ the teachings of Grawrock in order to enable the capability to 
enable local users and remote computing devices an efficient and easier method for the 
completion of trusted operations, (see Grawrock paragraph [0002], lines 7-14: "... 
However, a local user of the platform may also want to establish a similar level of trust 
with the local platform or computing device. It is impractical, however, for a local user to 
perform the same complex calculations and participate in the same complex protocols 
with the fixed token as the remote computing devices in order to establish trust in the 
computing device. ...') 
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Regarding Claims 28, Yan discloses tine method of claim 19 wherein the first entity 
consumes the trust message by application of same that automatically extracts the 
shared secret and other relevant information from such trust attestation message for 
use by the first entity, (see Yan paragraph [0060], lines 6-9: extracts attestation 
information for processing) Yan does not specifically disclose whereby an unsealing 
function. However, Grawrock discloses wherein an unsealing function, (see Grawrock 
paragraph [0018], lines 12-16; paragraph [0025], lines 1-7; paragraph [0026], lines 1-6: 
seal/unseal trusted operation utilized) 

It would have been obvious to one of ordinary skill in the art to modify Yan to 
enable the capability to perform an unseal operation within a trusted computing 
environment as taught by Grawrock. One of ordinary skill in the art would have been 
motivated to employ the teachings of Grawrock in order to enable the capability to 
enable local users and remote computing devices an efficient and easier method for the 
completion of trusted operations, (see Grawrock paragraph [0002], lines 7-14) 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to CARLTON V. JOHNSON whose telephone number is 
(571 )270-1032. The examiner can normally be reached on Monday thru Friday , 8:00 - 
5:00PM EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on 571-272-4195. The fax phone 
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number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Nasser G Moazzami/ Carlton V. Johnson 

Supervisory Patent Examiner, Art Unit 2436 Examiner 

Art Unit 2436 
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